Tuesday, December 31, 2013

NSA can turn iPhones into spying tool

LONDON: A well-known privacy advocate has given the public an unusually explicit peek into the intelligence world's tool box, pulling back the curtain on the National Security Agency's arsenal of high-tech spy gear. 

Independent journalist and security expert Jacob Appelbaum told a hacker conference in Germany that the NSA could turn iPhones into eavesdropping tools and use radar wave devices to harvest electronic information from computers even if they weren't online. 

Appelbaum told hundreds of computer experts gathered at Hamburg's Chaos Communications Conference that his revelations about the NSA's capabilities "are even worse than your worst nightmares."  

"What I am going to show you today is wrist-slittingly depressing," he said.

Even though in the past six months there has been an unprecedented level of public scrutiny of the NSA and its methods, Appelbaum's claims -- supported by what appeared to be internal NSA slideshows -- still caused a stir.

One of the slides described how the NSA can plant malicious software onto Apple's iPhone, giving American intelligence agents the ability to turn the popular smartphone into a pocket-sized spy.

Monday, December 30, 2013

Six HTC Employees Accused of Leaking Trade Secrets and Accepting Kickbacks Worth $1.1 Million

Six HTC employees, including Thomas Chien, former vice president for product design at HTC, have been accused of and charged with leaking company trade secrets, accepting kickbacks of $1.1 million and creating false expense reports.

The accusations have been made by The Taipei District Prosecutors Office. According to a Wall Street Journal report, the accused leaked the design for an upcoming HTC smartphone interface to unauthorized suppliers. The employees reportedly planned to use the un-launched design to start their own smartphone company in China and Taiwan. The external suppliers are yet to be identified.

Taipei Times revealed the identities of the five accused employees to be HTC research and development director Wu Chien-hung, HTC senior manager of design and innovation Huang Kuo-ching, senior manager of design and innovation Huang Hung-yi, manufacturing design department manager Hung Chung-yi, and employee Chen Shih-tsou.

"The company expects employees to observe and practice the highest levels of integrity and ethics," Taipei Times quoted HTC as saying in a statement. "Protecting the company's proprietary and intellectual properties, privacy and security is a core fundamental responsibility of every employee. The company does not condone any violation."


Singapore's IME audited for spying

Singapore says US officials invited to inspect the work of a local research institute to probe spy claims have been 'satisfied' with the audit findings.

The state-linked Institute of Microelectronics (IME) was first thrust into the spotlight in February when the London-based Financial Times cast doubt on the apparent suicide of one of its former researchers - US electronics engineer Shane Todd, who was found hanged in his Singapore flat in June 2012.
It said his family suspected he was murdered because of his work on a joint IME project with Huawei Technologies involving gallium nitride, a semiconductor material with military and commercial applications. Singapore's foreign ministry said in a statement on Monday that US officials had completed a 'process audit' at the IME, after being invited to do so following allegations it was involved in an improper transfer of technology with Huawei.

'The US officials who came for the audit were satisfied with the audit,' the ministry said in the short statement.

Huawei - accused by US officials of involvement in espionage - and IME said they had only held preliminary talks on a potential project with commercial applications, but had not gone further.
A state coroner subsequently ruled in July that 31-year-old Todd took his own life during a bout of depression, debunking his family's conspiracy theory.

The family attended the coroner's inquest in May but angrily walked out after six days and flew home, saying they had 'lost faith' in the proceedings.


Sunday, December 29, 2013

Documents Reveal Top NSA Hacking Unit

The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.

In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.

In the United States, a country of cars and commuters, the mysterious garage door problem quickly became an issue for local politicians. Ultimately, the municipal government solved the riddle. Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again.

Friday, December 27, 2013

N.Y. judge rules NSA phone surveillance legal

NEW YORK — A federal judge on Friday found that the National Security Agency's bulk collection of millions of Americans' telephone records is legal and a valuable part of the nation's arsenal to counter the threat of terrorism and "only works because it collects everything."

U.S. District Judge William Pauley said in a written opinion that the program "represents the government's counter-punch" to eliminate al-Qaida's terror network by connecting fragmented and fleeting communications.

"This blunt tool only works because it collects everything," Pauley said. "The collection is broad, but the scope of counterterrorism investigations is unprecedented."

He said the mass collection of phone data "significantly increases the NSA's capability to detect the faintest patterns left behind by individuals affiliated with foreign terrorist organizations. Armed with all the metadata, NSA can draw connections it might otherwise never be able to find."

He added that such a program, if unchecked, "imperils the civil liberties of every citizen" and he noted the lively debate about the subject across the nation, in Congress and at the White House.

Thursday, December 19, 2013

NSA Spying Just Cost Boeing 4-5 Billion Worth of Fighter Jets

The NSA spying scandal Edward Snowden revealed to the world has upset lots of people and even a few countries. Now it’s a US company that looks set to suffer billions in lost revenue because of it.
Boeing is a heavyweight in the field of aircraft, and when a large contract comes up for new fighter jets you’d expect them to be at the top of the list for securing the work. But that’s not the case in Brazil where the company just failed to win a contract worth at least $4.5 billion.
Brazil needs to replace its fighter jet fleet and has been negotiating a contract to do so for over a decade. Boeing was the company expected to win the contract, but apparently that all changed with the NSA revelations. After that, and according to a Brazilian government source, Boeing didn’t have a chance because the trust had gone as they were an American company.
The contract was instead awarded to Swedish company Saab who will supply 36 Gripen NG fighter jets to Brazil, which are set to be delivered by 2020. The Gripen NG (or Super Gripen) is actually an upgraded version of the JAS 39 Gripen that has been in service since 1997. Modifications include a new powerplant, a significant boost to fuel capacity, and the addition of an active electronically scanned array radar.

Cryptolocker Ransomware Being Described As ‘The Perfect Crime’

BOSTON (CBS) — It is being called the perfect crime and it has law enforcement around the globe baffled.

It all starts with a simple email.
“They are scared and they are angry. It is a real terrible experience for them.”

Joe Ruthaford is talking about computer users who mistakenly launched a potent internet phishing scheme.

He recently saw one of those ravaged computers in his Beacon Hill repair shop.

“It is extremely damaging. It is one of the worst ones.” It’s called cryptolocker ransomware.

Kevin Swindon is with the FBI in Boston. “I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.

“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”

And that is exactly what happened last month at the Swansea Police Department.

Target: Hack may have hit 40 million accounts

Consumers who shopped at Target stores between November 27 and December 15 -- right in the thick of the high-volume holiday shopping season -- should check their credit card statements for any unusual activity.
On Thursday, the retail chain acknowledged a hack that obtained the names, credit or debit card numbers, expiration dates, and three-digit security codes of store customers who purchased items over the past few weeks, including the Black Friday weekend. Around 40 million credit and debit card accounts may have been affected by the attack.
The issue that let the hacker gain access to customer data has been identified and resolved, according to Target. The company said that it's working with law enforcement officials to track down those responsible for the attack and has hired a third-party forensic team to investigate the incident.
In an FAQ to customers potentially affected, Target explained that the data breach is a concern for those who made purchases at a Target store in the US between November 27 and December 15. People who bought items through Target's Web site or at a retail store in Canada are safe, according to the company. Target Redcard holders who suspect a fraudulent charge on their card should contact Target; other customers should call their bank, Target advised.

Computers Can Be Hacked Using High-Frequency Sound

(ISNS)—Using the microphones and speakers that come standard in many of today's laptop computers and mobile devices, hackers can secretly transmit and receive data using high-frequency audio signals that are mostly inaudible to human ears, a new study shows.
Michael Hanspach and Michael Goetz, researchers at Germany's Fraunhofer Institute for Communication, Information Processing, and Ergonomics, recently performed a proof-of-concept experiment that showed that "covert acoustical networking," a technique which had been hypothesized but considered improbable by most experts, is indeed possible.
Their findings, detailed in a recent issue of the Journal of Communications, could have major implications for electronic security.
"If you have a high demand for information security and assurance, you would need to prepare countermeasures," Hanspach wrote in an email to Inside Science.

Monday, December 9, 2013

NSA, GCHQ 'planted agents' into World of Warcraft, Second Life to spy on gamers

The NSA and the UK’s GCHQ spying agencies have collected players’ charts and deployed real-life agents into online World of Warcraft and Second Life games, a new leak by whistleblower Edward Snowden has revealed.

An NSA document from 2008, titled “Exploiting Terrorist Use of Games & Virtual Environments,” was published Monday by The Guardian in partnership with The New York Times and ProPublica.

In the report, the agency warned of the risk of leaving games communities under-monitored and described them as a "target-rich communications network" where intelligence targets could “hide in plain sight.”

The document showed that the US and UK spy agencies were collecting large amounts of data in the Xbox Live console network, which has more than 48 million players.

Real-life agents have been deployed into the World of Warcraft multiplayer online role-playing game and the virtual world of Second Life, in which people interact with each other through avatars.

The NSA and GCHQ also tried to recruit potential informants among the gamers, the report said.

Car hacking: Remote possibility, looming fear

WASHINGTON -- In a world in which hackers track computer keystrokes to steal credit card numbers and the government snoops on phone calls and e-mails, it's not so hard to imagine a laptop-wielding bad guy remotely wresting control of a car and wreaking havoc.
Car hacking has become a staple of Hollywood action movies, such as this year's Fast & Furious 6, in which the villains take over cars' electronics in order to crash them. It is also becoming an obsession on Capitol Hill, even though there has never been a documented case of a car being maliciously hacked in the real world.
That kind of spotlight from Congress and the media could prod the industry to take the threat of hacking more seriously, but it could just as well terrify the public before the industry has a chance to do much about it.
That would be bad news for automakers, which over the next few years want to create a unified mobile communications network, a so-called Internet of cars, to help prevent crashes and deliver a host of new in-vehicle services.

Thursday, December 5, 2013

Hackers secretly redirecting web traffic around the world

Internet experts say huge chunks of sensitive web traffic have been routinely hijacked by hackers and diverted to foreign computers, compromising the data of victims in at least 150 cities worldwide.

Researchers at New Hampshire-based global internet intelligence company Renesys say that they’ve witnessed a complex type of Man-in-the-Middle attack occur on computer networks no fewer than 60 days this year already, the likes of which they say should never have happened.

In incidents described in a report released by Renesys last month, the firm claims that web data from major financial institutions, government agencies and Internet Service Providers (ISPs) alike were all compromised when unidentified hackers exposed a rarely-discussed vulnerability in order to almost silently divert that information away from its intended destinations, and instead route it abroad to be collected, read and then re-sent to the rightful recipient.

The method of attack exploits a vulnerability in the Border Gateway Protocol, or BGP, and takes advantage of the fact that much of the information routed through the global system of networks considered to be the backbone of the internet is exchanged based off of little more than trust among administrators.

BGP is "essentially the glue that holds the disparate parts of the Internet together," Jennifer Rexford, a computer science professor at Princeton University, told the Washington Post’s Andrea Peterson last month.

2 million Facebook, Google and other accounts compromised

Security experts say passwords for more than 2 million Facebook, Google and other accounts have been compromised and circulated online, just the latest example of breaches involving leading Internet companies.
Some services including Twitter have responded by disabling the affected passwords. But there are several things you can do to minimize further threats — even if your account isn't among the 2 million that were compromised.
Here are some tips to help you secure your online accounts:
One Thing Leads to Another
When a malicious hacker gets a password to one account, it's often a stepping stone to a more serious breach, especially because many people use the same passwords on multiple accounts. So if someone breaks into your Facebook account, that person might try the same password on your banking or Amazon account. Suddenly, it's not just about fake messages being posted to your social media accounts. It's about your hard-earned money.

iSPY: How the internet buys and sells your secrets

You probably have no idea how much of yourself you have given away on the internet, or how much it’s worth. Never mind Big Brother, the all-seeing state; the real menace online is the Little Brothers — the companies who suck up your personal data, repackage it, then sell it to the highest bidder. The Little Brothers are answerable to no one, and they are everywhere.
What may seem innocuous, even worthless information — shopping, musical preferences, holiday destinations — is seized on by the digital scavengers who sift through cyberspace looking for information they can sell: a mobile phone number, a private email address. The more respectable data-accumulating companies — Facebook, Google, Amazon — already have all that. Even donating money to charity by texting a word to a number means you can end up on databases as a ‘giver’ — and being inundated with phone calls from other noble causes. Once your details end up on a list, you can never quite control who will buy them.
As you surf the web, thousands of ‘third-party cookies’ track your browsing habits. Then there’s your smartphone, which can log information every waking and sleeping moment. Quintillions — yes that really is a number — of pieces of data are being generated by us, about us. Look at Facebook. In a typical week, its users upload 20 billion items of content — pictures, names, preferences, shopping habits and other titbits: all information that can be stored and later employed to help advertisers.

Tuesday, December 3, 2013

Huawei decides to exit the US market over cyber espionage concerns

Chinese networking and telecommunications equipment provider Huawei is calling it quits in the US. CEO Ren Zhengfei recently told French news site Les Echos that it wasn’t worth it for his company to get in the middle of US / China relations and as such, they have decided to exit the US market.
In a statement on the matter, a Huawei spokesperson more or less dodged the question by saying they are committed to their customers, investments and operations with more than $1 billion in sales in the US. The message concluded by saying they stand ready to deliver additional competition and innovative solutions as desired by their customers.
Zhengfei is of course referring to the ongoing dispute between the two nations on the technology front. Specifically, many US officials believe the company is an unambiguous security threat to the US. These people suspect Huawei may be working with the Chinese military to conduct cyber espionage against the US and other countries.